I made some changes to the policy to get plymouth working in enforcing. I have noticed that since plymouthd is started very early during boot it is running as kernel_t. Some of the permissions are for kernel_t even though they are for the plymouthd process. Dave Sugar (5): Allow xdm (lightdm) start plymouth Dave Sugar (3): Allow xdm (lightdm) start plymouth Changes to support plymouth working in enforcing Some items that seem they can be dontaudited for plymouthd policy/modules/kernel/devices.if | 18 +++++++++++++ policy/modules/kernel/kernel.te | 5 +++- policy/modules/services/plymouthd.if | 38 ++++++++++++++++++++++++++++ policy/modules/services/plymouthd.te | 5 ++++ policy/modules/services/xserver.te | 4 +++ 5 files changed, 69 insertions(+), 1 deletion(-) -- 2.20.1